Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-34892 |
|
Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions.
Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions.
|
| CVE-2025-68049 |
|
Subscriber Broken Access Control in bunny.net <= 2.3.6 versions.
Subscriber Broken Access Control in bunny.net <= 2.3.6 versions.
|
| CVE-2026-39441 |
|
Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free <= 5.3 versions.
Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free <= 5.3 versions.
|
| CVE-2026-24637 |
|
Contributor SQL Injection in PowerPress Podcasting <= 11.15.10 versions.
Contributor SQL Injection in PowerPress Podcasting <= 11.15.10 versions.
|
| CVE-2026-34900 |
|
Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions.
Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions.
|
| CVE-2025-68851 |
|
Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions.
|
| CVE-2026-34902 |
|
Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions.
Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions.
|
| CVE-2026-23970 |
|
Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 <= 3.2.8 versions.
Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 <= 3.2.8 versions.
|
| CVE-2025-68872 |
|
Cross-Site Scripting (XSS) in CVE-2025-68872 (CVE-2025-68872)
cross-site scripting in CVE-2025-68872 (CVE-2025-68872). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39435 |
|
Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions.
Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions.
|
| CVE-2025-68840 |
|
Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO <= 1.1.2 versions.
Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO <= 1.1.2 versions.
|
| CVE-2026-34891 |
|
Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce <= 2.2.5 versions.
Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce <= 2.2.5 versions.
|
| CVE-2026-27089 |
|
Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 versions.
Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 versions.
|
| CVE-2025-60175 |
|
Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions.
Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions.
|
| CVE-2026-48708 |
|
Vulnerability in github.com/OliveTin/OliveTin (CVE-2026-48708)
vulnerability in github.com/OliveTin/OliveTin (CVE-2026-48708). Successful exploitation can lead to full system takeover. Exploitable via ``tpl``. Mitigation: upgrade to `0.0.0-20260521225117-d74da9314005` or later.
|
| CVE-2026-48709 |
|
Vulnerability in github.com/OliveTin/OliveTin (CVE-2026-48709)
vulnerability in github.com/OliveTin/OliveTin (CVE-2026-48709). Risk of unauthorized operations or information disclosure. Exploitable via ``ValidateArgumentType``. Mitigation: upgrade to `0.0.0-20260521230847-a3865704c854` or later.
|
| CVE-2026-48518 |
|
Cross-Site Request Forgery (CSRF) in CVE-2026-48518 (CVE-2026-48518)
vulnerability in CVE-2026-48518 (CVE-2026-48518). Risk of unauthorized operations or information disclosure. Exploitable via `POST /multi-juicer/api/teams/{team}/join`.
|
| CVE-2026-48124 |
|
Code Injection in CVE-2026-48124 (CVE-2026-48124)
code injection in CVE-2026-48124 (CVE-2026-48124). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48988 |
|
Vulnerability in markdown-it (CVE-2026-48988)
vulnerability in markdown-it (CVE-2026-48988). Risk of unauthorized operations or information disclosure. Exploitable via ``token.content``. Mitigation: upgrade to `14.2.0` or later.
|
| CVE-2026-54283 |
|
Vulnerability in starlette (CVE-2026-54283)
vulnerability in starlette (CVE-2026-54283). Risk of unauthorized operations or information disclosure. Exploitable via ``max_fields``. Mitigation: upgrade to `1.3.1` or later.
|
| CVE-2026-54285 |
|
Vulnerability in @opentelemetry/core (CVE-2026-54285)
vulnerability in @opentelemetry/core (CVE-2026-54285). Risk of unauthorized operations or information disclosure. Exploitable via ``baggage``. Mitigation: upgrade to `2.8.0` or later.
|
| CVE-2026-54282 |
|
Vulnerability in Starlette (CVE-2026-54282)
vulnerability in Starlette (CVE-2026-54282). Risk of unauthorized operations or information disclosure. Exploitable via ``request.url``. Mitigation: upgrade to `1.3.0` or later.
|
| CVE-2026-54281 |
|
Authorization Flaw in @nestjs/platform-fastify (CVE-2026-54281)
vulnerability in @nestjs/platform-fastify (CVE-2026-54281). Risk of unauthorized operations or information disclosure. Exploitable via `GET /resource`. Mitigation: upgrade to `11.1.24` or later.
|
| CVE-2026-53539 |
|
Vulnerability in python-multipart (CVE-2026-53539)
vulnerability in python-multipart (CVE-2026-53539). Risk of unauthorized operations or information disclosure. Exploitable via ``QuerystringParser``. Mitigation: upgrade to `0.0.30` or later.
|
| CVE-2026-53538 |
|
Vulnerability in python-multipart (CVE-2026-53538)
vulnerability in python-multipart (CVE-2026-53538). Risk of unauthorized operations or information disclosure. Exploitable via ``QuerystringParser``. Mitigation: upgrade to `0.0.30` or later.
|
| CVE-2026-53537 |
|
Vulnerability in python-multipart (CVE-2026-53537)
vulnerability in python-multipart (CVE-2026-53537). Risk of unauthorized operations or information disclosure. Exploitable via ``parse_options_header``. Mitigation: upgrade to `0.0.30` or later.
|
| CVE-2026-54257 |
|
Vulnerability in electron (CVE-2026-54257)
vulnerability in electron (CVE-2026-54257). Risk of unauthorized operations or information disclosure. Exploitable via ``Buffer``. Mitigation: upgrade to `42.3.3` or later.
|
| CVE-2026-53705 |
|
Vulnerability in CVE-2026-53705 (CVE-2026-53705)
vulnerability in CVE-2026-53705 (CVE-2026-53705). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53704 |
|
Out-of-Bounds Read in CVE-2026-53704 (CVE-2026-53704)
vulnerability in CVE-2026-53704 (CVE-2026-53704). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53703 |
|
Out-of-Bounds Read in CVE-2026-53703 (CVE-2026-53703)
vulnerability in CVE-2026-53703 (CVE-2026-53703). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50890 |
|
SQL Injection in sqli (CVE-2026-50890)
SQL injection in sqli (CVE-2026-50890). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52722 |
|
Vulnerability in CVE-2026-52722 (CVE-2026-52722)
vulnerability in CVE-2026-52722 (CVE-2026-52722). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-52721 |
|
Out-of-Bounds Read in CVE-2026-52721 (CVE-2026-52721)
vulnerability in CVE-2026-52721 (CVE-2026-52721). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-52719 |
|
Out-of-Bounds Read in CVE-2026-52719 (CVE-2026-52719)
vulnerability in CVE-2026-52719 (CVE-2026-52719). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-52720 |
|
Vulnerability in CVE-2026-52720 (CVE-2026-52720)
vulnerability in CVE-2026-52720 (CVE-2026-52720). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50892 |
|
Vulnerability in nginx (CVE-2026-50892)
vulnerability in nginx (CVE-2026-50892). Confidential information can be exposed externally.
|
| CVE-2026-50891 |
|
Vulnerability in CVE-2026-50891 (CVE-2026-50891)
vulnerability in CVE-2026-50891 (CVE-2026-50891). Confidential information can be exposed externally.
|
| CVE-2026-50886 |
|
Vulnerability in CVE-2026-50886 (CVE-2026-50886)
vulnerability in CVE-2026-50886 (CVE-2026-50886). Confidential information can be exposed externally.
|
| CVE-2026-50885 |
|
Vulnerability in CVE-2026-50885 (CVE-2026-50885)
vulnerability in CVE-2026-50885 (CVE-2026-50885). Confidential information can be exposed externally.
|
| CVE-2026-50884 |
|
Vulnerability in CVE-2026-50884 (CVE-2026-50884)
vulnerability in CVE-2026-50884 (CVE-2026-50884). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50881 |
|
Vulnerability in CVE-2026-50881 (CVE-2026-50881)
vulnerability in CVE-2026-50881 (CVE-2026-50881). Confidential information can be exposed externally.
|
| CVE-2026-50888 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50888)
SSRF in ssrf (CVE-2026-50888). Confidential information can be exposed externally.
|
| CVE-2026-50887 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50887)
SSRF in ssrf (CVE-2026-50887). Confidential information can be exposed externally.
|
| CVE-2026-50882 |
|
Vulnerability in dos (CVE-2026-50882)
vulnerability in dos (CVE-2026-50882). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50889 |
|
Vulnerability in dos (CVE-2026-50889)
vulnerability in dos (CVE-2026-50889). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50883 |
|
Cross-Site Scripting (XSS) in CVE-2026-50883 (CVE-2026-50883)
cross-site scripting in CVE-2026-50883 (CVE-2026-50883). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50874 |
|
OS Command Injection in CVE-2026-50874 (CVE-2026-50874)
OS command injection in CVE-2026-50874 (CVE-2026-50874). Confidential information can be exposed externally.
|
| CVE-2026-50876 |
|
Cross-Site Scripting (XSS) in CVE-2026-50876 (CVE-2026-50876)
cross-site scripting in CVE-2026-50876 (CVE-2026-50876). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50875 |
|
Vulnerability in CVE-2026-50875 (CVE-2026-50875)
vulnerability in CVE-2026-50875 (CVE-2026-50875). Data can be tampered with by attackers.
|
| CVE-2026-50877 |
|
Path Traversal in path-traversal (CVE-2026-50877)
path traversal in path-traversal (CVE-2026-50877). Confidential information can be exposed externally.
|